Phishers using VoIP for new scheme

A messaging security firm identified two new attacks this week that use voice over internet protocol (VoIP) to carry out phishing schemes.

San Francisco-based Cloudmark said in a statement Tuesday that scammers posing as banks are sending mass emails directing PC users to dial a number to clear up inaccuracies with their bank account.

Victims who fall for the scam reach an automated message – connected over VoIP to a private branch exchange – that "sounds exactly" like their bank's real interactive voice response system.

"The result can be personally financially devastating," said Adam J. O'Donnell, senior research scientist at Cloudmark.

According to Cloudmark's statement, cybercriminals who use VoIP numbers "reduce the costs associated with conducting such attacks, providing the perpetrators with less risk of discovery." The technology allows scammers to use numbers that are harder to trace than traditional phone numbers.

The company said it advises people who receive these types of emails to call their bank to "double-check the numbers printed on ATM cards instead."

According to several media outlets, the scammers disguised themselves as representing a small bank in the eastern United States.

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.